So I'm configuring a NV 3430 that has both a T1 connection and a Comcast connection on the same box. Everything appeared to be working well from the router, until I started trying to get places from local clients (default route is over PPP). After troubleshooting, it looked like local clients on this router were being NAT'd when going over the PPP interface! So I knew the policy-class was missing something, but I'm not sure of the best way to remedy this situation. I know I could build a policy-class for the PPP interface and apply it and insert an allow-list * policy *PPP*, but what I'm wondering is if there's something simpler where it will simply allow anything going over the PPP. I was looking at the 'self' and it says that it includes any 'local interface'. What I'm not sure of is whether or not PPP interfaces are considered local and are covered by 'self'. If so, I should be able to simply add a line like:

<new code>

!
ip policy-class Private
  allow list self self
  allow list ACL-Private policy Private stateless
  allow list ACL-Private self stateless
  allow list ACL-Tunnel policy Tunnel stateless
  nat source list ACL-NAT interface eth 0/2 overload
!

</new code>

Any other ideas on this would be appreciated. I know there's probably a simple solution I'm just overlooking.

Thank you for asking this question in the Support Community. Is the T1 another Internet connection, or a point-to-point connection to another location? If it is another Internet connection, are you using it for load sharing or Internet WAN failover (guides linked)? If it is not an Internet connection, then typically the default route will be pointed out the Internet connection (Comcast in your example).

There are multiple ways to design/configure this application. Please provide some additional information about the T1 connection and I will give you recommendations.

I wound up just adding a policy-class for the PPP interface and everything seems to be working well now. The T1 is a PPP connection to another location that serves as the primary source of Internet (ideally). The Comcast in this setup would simply be for failover if the T1 went down. I am curious as to whether or not the 'self' would consider PPP to be a local interface, or if I did really need to build a policy-class for the PPP as well. Normally this is something we don't do, since the PPP interface goes back to our co-located facility for Internet, so I don't need the router to firewall, since that is taken care of by a dedicated box.

I went ahead and flagged this post as "Assumed Answered." If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.